CVE-2022-45798

Vulnerability

A link following vulnerability exists in the Damage Cleanup Engine component of Trend Micro Apex One and Apex One as a Service. The Damage Cleanup Engine runs within the Trend Micro Common Client Real-time Scan Service. By creating a junction (symbolic link), a local attacker can abuse the service to delete a folder. The vulnerability is present in certain versions of the software; specific affected versions are not detailed in available references. [1]

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system. Then, by creating a junction pointing to a privileged location, the attacker can cause the Damage Cleanup Engine to delete a folder, which can be leveraged for privilege escalation. No user interaction is required beyond initial low-privilege code execution. [1]

Impact

Successful exploitation allows an attacker to escalate privileges to SYSTEM and execute arbitrary code in the context of SYSTEM. This results in full compromise of confidentiality, integrity, and availability of the affected system. The CVSS v3 score is 7.8 (High). [1]

Mitigation

Trend Micro has released security updates for Apex One and Apex One as a Service. Users should apply the latest patches as provided in the vendor advisory [2]. The advisory URL currently returns an unavailable page; however, it is recommended to check the Trend Micro support site for the appropriate patch information. [2]